万得数据部门需要海外相关数据,但由于GFW的缘故,中国大陆直接访问海外网站会遇到诸多问题,因此需要在香港搭建一台代理服务器,以此解决相关问题。
从squid的官方站点:http://www.squid-cache.org/
可以下载源代码包,也可以下载RPM包。该文档介绍源代码安装。
1. 将下载文件拷贝到
hkproxy:/usr/local/src# dir
-rw-r--r-- 1 root root 4828446 7月 1 22:14 squid-3.5.20.tar.gz
2. 解压安装包
hkproxy:/usr/local/src #tar zxvf squid-3.5.20.tar.gz
3. 进入到安装包
hkproxy:/usr/local/src # cd squid-3.5.20/
hkproxy:/usr/local/src/squid-3.5.20 #
4. 创建安装squid目录
hkproxy:/usr/local # mkdir squid
5. 添加squid用户
# useradd squid -g squid -s /bin/false
同时设置密码
创建组:
#groupadd squid
6. ./configure安装
hkproxy:/usr/local/src/squid-3.5.20 #./configure--prefix=/usr/local/squid/ --enable-ssl --enable-underscore --enable-icmp--enable-kill-parent-hack --enable-gnuregex--enable-default-err-language="Simplify_Chinese" --with-large-files--with-default-user=squid --disable-loadable-modules
注:--prefix=/usr/local/squid/:Squid的安装目录,缺省值为/usr/local/squid;
--enable-ssl:允许Squid终止SSL/TLS连接,仅对代理模式的加速请求有效;
--enable-underscores:允许主机名里包含下划线,但仍须考虑DNS解析程序可能会禁止主机名里包含下划线。
--enable-icmp:利用ICMP消息来确定回环时间(round-trip time),这类似于ping程序;
--enable-kill-parent-hack: 关掉squid的时候,要不要连同父进程一起关掉。
--enable-gnuregex:使用GNU正则表达式。
--enable-default-err-language=lang:错误消息采用的默认语言,英语是默认值。
--with-large-files: 支持大文件
--with-default-user=squid : 指定squid用户
--disable-loadable-modules :禁用加载动态的相关模块或预装的模块。在编译GCC的时候会报错,因此需要禁用该模块。
更多模块可以参考: ./configure –help
hkproxy:/usr/local/src/squid-3.5.20# ./configure --help | more
`configure'configures Squid Web Proxy 3.5.20 to adapt to many kinds of systems.
Usage: ./configure[OPTION]... [VAR=VALUE]...
To assignenvironment variables (e.g., CC, CFLAGS...), specify them as
VAR=VALUE. See below for descriptions of some of theuseful variables.
Defaultsfor the options are specified in brackets.
Configuration:
-h, --help display this help and exit
--help=short display options specific to thispackage
--help=recursive display the short help of all the includedpackages
-V, --version display version information and exit
-q, --quiet, --silent do not print `checking ...' messages
--cache-file=FILE cache test results in FILE [disabled]
-C, --config-cache alias for `--cache-file=config.cache'
-n, --no-create do not create output files
--srcdir=DIR find the sources in DIR [configure diror `..']
Installationdirectories:
--prefix=PREFIX install architecture-independent filesin PREFIX
[/usr/local/squid]
--exec-prefix=EPREFIX install architecture-dependent files inEPREFIX
[PREFIX]
Bydefault, `make install' will install all the files in
`/usr/local/squid/bin',`/usr/local/squid/lib' etc. You canspecify
aninstallation prefix other than `/usr/local/squid' using `--prefix',
forinstance `--prefix=$HOME'.
For bettercontrol, use the options below.
Finetuning of the installation directories:
--bindir=DIR user executables [EPREFIX/bin]
--sbindir=DIR system admin executables[EPREFIX/sbin]
--libexecdir=DIR program executables [EPREFIX/libexec]
--sysconfdir=DIR read-only single-machine data[PREFIX/etc]
--sharedstatedir=DIR modifiable architecture-independent data[PREFIX/com]
--localstatedir=DIR modifiable single-machine data[PREFIX/var]
--runstatedir=DIR modifiable per-process data[LOCALSTATEDIR/run]
--libdir=DIR object code libraries [EPREFIX/lib]
--includedir=DIR C header files [PREFIX/include]
--oldincludedir=DIR C header files for non-gcc [/usr/include]
--datarootdir=DIR read-only arch.-independent data root[PREFIX/share]
--datadir=DIR read-only architecture-independentdata [DATAROOTDIR]
--infodir=DIR info documentation[DATAROOTDIR/info]
--localedir=DIR locale-dependent data[DATAROOTDIR/locale]
--mandir=DIR man documentation [DATAROOTDIR/man]
--docdir=DIR documentation root[DATAROOTDIR/doc/squid]
--htmldir=DIR html documentation [DOCDIR]
--dvidir=DIR dvi documentation [DOCDIR]
--pdfdir=DIR pdf documentation [DOCDIR]
--psdir=DIR ps documentation [DOCDIR]
7. 如果configure安装报错,我遇到的是没有安装GCC编译器,因此需要安装该插件。
直接suse 的yast工具安装。
8. Make 编译
hkproxy:/usr/local/src/squid-3.5.20 # make #大约4分钟
9. Make install 安装
hkproxy:/usr/local/src/squid-3.5.20 # make install
10. 将安装目录的权限进行调整。
chown -R squid:squid /usr/local/squid/
11. 启动
hkproxy:/usr/local/squid/sbin # ./squid
12. 查看默认侦听端口是否启动,默认是3128,我更改为3129了。
hkproxy:/usr/local/squid/sbin# netstat -an | grep "3129"
tcp 0 0 :::3129 :::* LISTEN
tcp 0 0 10.90.5.33:3129 10.200.1.12:2131 ESTABLISHED
Squid的配置文件squid.conf
#acllocalnet src 10.0.0.0/8 # RFC1918possible internal network
#acllocalnet src 172.16.0.0/12 # RFC1918 possible internal network
#acllocalnet src 192.168.0.0/16 #RFC1918 possible internal network
#acllocalnet src fc00::/7 # RFC 4193local private network range
#acllocalnet src fe80::/10 # RFC 4291link-local (directly plugged) machines
#acllocalnet src 222.66.202.206/32
#acllocalnet src 58.247.3.26/32
acllocalnet src 10.200.1.12/32
acllocalnet src 10.100.4.3/32
acllocalnet src 10.200.0.8/32
acllocalnet src 10.200.6.228/32
acllocalnet src 10.200.4.63/32
aclSSL_ports port 443
aclSafe_ports port 80 # http
aclSafe_ports port 21 # ftp
aclSafe_ports port 443 # https
aclSafe_ports port 70 # gopher
acl Safe_portsport 210 # wais
aclSafe_ports port 1025-65535 #unregistered ports
aclSafe_ports port 280 # http-mgmt
aclSafe_ports port 488 # gss-http
aclSafe_ports port 591 # filemaker
aclSafe_ports port 777 # multilinghttp
acl CONNECT method CONNECT
# Squidnormally listens to port 3128
http_port 3129
将squid.conf配置文件变更后,通过命令重新加载
hkproxy:/usr/local/squid/etc # /usr/local/squid/sbin/squid –k reconfigure
其它操作,请参考帮助:
hkproxy:/usr/local/squid/etc #/usr/local/squid/sbin/squid –k
hkproxy:/usr/local/squid/etc# /usr/local/squid/sbin/squid -k
/usr/local/squid/sbin/squid:option requires an argument -- 'k'
Usage:squid [-cdhvzCFNRVYX] [-n name] [-s | -l facility] [-f config-file] [-[au]port] [-k signal]
-a port Specify HTTP port number (default: 3128).
-d level Write debugging to stderr also.
-f file Use given config-file instead of
/usr/local/squid/etc/squid.conf
-h Print help message.
-k reconfigure|rotate|shutdown|restart|interrupt|kill|debug|check|parse
Parse configuration file, thensend signal to
running copy (except -k parse)and exit.
-n name Specify service name to use for service operations
default is: squid.
-s | -l facility
Enable logging to syslog.
-u port Specify ICP port number (default: 3130), disable with 0.
-v Print version.
-z Create missing swap directories and then exit.
-C Do not catch fatal signals.
-D OBSOLETE. Scheduled for removal.
-F Don't serve any requests until store is rebuilt.
-N No daemon mode.
-R Do not set REUSEADDR on port.
-S Double-check swap duringrebuild.
-X Force full debugging.
至此可以浏览google了。。。。
hkproxy:/usr/local/squid/var/logs #cat access.log | more
1468291506.630 183 10.100.4.3 TCP_TUNNEL/200 848 CONNECTwww.google.com:443 - HIER_DIRECT/216.58.203.4 -
1468291506.791 877 10.100.4.3 TCP_TUNNEL/200 1626 CONNECTad.afy11.net:443 - HIER_DIRECT/74.117.199.102 -
1468291506.798 20 10.100.4.3TCP_MISS/200 842 GEThttp://clients1.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih%2BZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCBkrTynxASad- HIER_DIRECT/216.58.199.14 application/ocsp-response
1468291506.824 828 10.100.4.3 TCP_TUNNEL/200 43033 CONNECTfw.adsafeprotected.com:443 - HIER_DIRECT/52.196.221.84 -
1468291506.831 88010.100.4.3 TCP_TUNNEL/200 43033 CONNECT fw.adsafeprotected.com:443 -HIER_DIRECT/52.196.221.84 -
免责声明:本站发布的内容(图片、视频和文字)以原创、转载和分享为主,文章观点不代表本网站立场,如果涉及侵权请联系站长邮箱:is@yisu.com进行举报,并提供相关证据,一经查实,将立刻删除涉嫌侵权内容。